Sunday, August 2, 2009

Security by obscurity?

Tired of remembering passwords? You can now "encrypt" files using an image instead of a password. PixelCryptor is a simple tool with an intuitive interface. You choose the file that you want to protect then the image you want to secure it with.

Original file versus the "encrypted" form. It seems to be "encrypted" but I'm sceptical because this tool does not seem to follow any industry standard encryption and does not provide information regarding its encryption methodology. The only hint of what transpires if this statement from their website.
"The pixel data is used to encrypt your data. The combinations are endless and hard to break."

Decided to run tests against PixelCryptor. I converted my original seed image from Jpg to Gif format to lose data. PixelCryptor allowed me to use the degraded image to "decrypt". Using a hex editor, it was discovered that the full contents of the original file could not be retrieved using the degraded image. This does imply that the tool truly uses pixel information to transform files.

I'm still sceptical about the viability of using images as the seed key. Imagine keeping important files "encrypted" on your flash drive... this would require the owner to store the necessary image to "decrypt" on the same drive and it will only be a matter of time before a malicious person who wants to access those said documents figuring out what to do.


  1. You could use an image you have put online, either from another site or some image you stored yourself in a convenient location. That way, can always retrieve, but will be very difficult to guess for another person how it works.

  2. It will be a pain if you don't have an Internet connection. Not to mention the risk when using an untrusted network or machine too.